In message <[EMAIL PROTECTED]>, Ian G writes: >Alexander Klimov wrote: >> On Wed, 11 Jan 2006, Ian G wrote: >> >> >>>Even though triple-DES is still considered to have avoided that >>>trap, its relatively small block size means you can now put the >>>entire decrypt table on a dvd (or somesuch, I forget the maths). >> >> >> This would need 8 x 2^{64} bytes of storage which is approximately >> 2,000,000,000 DVD's (~ 4 x 2^{32} bytes on each). >> >> Probably, you are referring to the fact that during encryption of a >> whole DVD, say, in CBC mode two blocks are likely to be the same >> since there are an order of 2^{32} x 2^{32} pairs. > >Thanks for the correction, yes, so obviously I >muffed that one. I saw it mentioned on this list >about a year ago, but didn't pay enough attention >to recall the precise difficulty that the small >block size of 8 bytes now has.
The difficulty with 3DES's small blocksize is the 2^32 block limit when using CBC -- you start getting collisions, allowing the attacker to start building up a code book. The amount of data is quite within reach at gigabit speeds, and gigabit Ethernet is all but standard equipment on new computers. Mandatory arithmetic: 2^32 bytes is 2^38 bits, or ~275 * 10^9. At 10^9 bits/sec, that's less than 5 minutes. Even at 100M bps -- and that speed *is* standard today -- it's less than an hour's worth of transmission. The conclusion is that if you're encrypting a LAN, you need AES or you need to rekey fairly often. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]